Most Internet users are probably unaware of the differences between those protocols. TLS basically improves SSL, and what makes this somewhat difficult to understand is that TLS uses a different version scheme than SSL.

The latest version of SSL is 3.0, while the latest TLS version is 1.2. Most web browsers support SSL 3.0 as the minimum required protocol to establish secure connections. Before that protocol is used, browsers try to use the "newer" TLS protocol first.

If you are currently running Firefox 26, you may have noticed that your browser only supports SSL 3.0 and TLS 1.0 by default, but not TLS 1.1 or TLS 1.2.

While the technology has been implemented, the reason that it is not enabled by default is that there is no fallback available in the browser to go from TLS 1.2 or TLS 1.1 to 1.0 or SSL 3.0. The effect in this case is that the connection cannot be established.

It is possible to enable TLS 1.1 or TLS 1.2 anyway in the browser right away. Or, you can wait until Firefox 27 ships as it will set TLS 1.2 as the new maximum version of the TLS protocol in the browser.

Checking the security protocol in Firefox

In older versions of Firefox, a preference was available in the browser's settings that you could use to select which security protocols you wanted the browser to use. Mozilla removed that option from the interface, so that it is now only available using about:config.

You can check the current maximum version in the following way:

Type about:config in the browser's address bar and hit enter.

Confirm that you will be careful if you get a warning message.

Search for the preference security.tls.version

You get two listings here. First, security.tls.version.max.

It is set to 1 by default in Firefox 26 and older, indicating that only TLS 1.0 is supported, but not TLS 1.1 or TLS 1.2.

The second preference is security.tls.version.min

It is set to 0 by default, which indicates that SSL 3.0 is also supported and is the minimum required protocol for secure connections.

In Firefox 27, security.tls.version.max is changed to 3 by default, which means that Firefox then supports both TLS 1.1 and TLS 1.2 by default.

The preference security.tls.version.min determines the minimum protocol version supported by Firefox, while security.tls.version.max determines the highest protocol version.

Here are all possible values for the preference at the time of writing (this will be modified once newer versions of the TLS protocol come out).

0 means that SSL 3.0 is the minimum required or maximum supported version of the encryption protocol.

1 means that TLS 1.0 is the minimum required or maximum supported version of the encryption protocol.

2 means that TLS 1.1 is the minimum required or maximum supported version of the encryption protocol.

3 means that TLS 1.2 is the minimum required or maximum supported version of the encryption protocol.

4 means that TLS 1.3 is the minimum required or maximum supported version of the encryption protocol.

The min and max preferences go hand in hand. In Firefox 27, min is set to 0 and max is set to 3, meaning that all protocols are supported, and that Firefox will try to use TLS 1.2 first, then TLS 1.1, then TLS 1.0, and then SSL 3.0.

You can modify that if you want, for instance by changing the min preference from 0 to 1, 2 or 3. This limits which protocols can be used to encrypt the flow of data, which in turn means that you may not be able to connect to web hosts which support only older protocol versions.
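To check a profile without opening about:config, the following added example (not code from the article or from Mozilla) reads the user_pref lines of a profile's prefs.js text and reports which protocol versions the min and max preferences allow. The function name audit_tls_prefs and the sample input are hypothetical, and the defaults are the Firefox 27 values stated above.

```python
import re

# Value-to-protocol mapping as listed in the article.
VERSIONS = {0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2", 4: "TLS 1.3"}

# Matches lines such as: user_pref("security.tls.version.min", 1);
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"security\.tls\.version\.(min|max)"\s*,\s*(-?\d+)\s*\)\s*;',
    re.MULTILINE,
)

# Constructed sample prefs.js content (not taken from a real profile).
SAMPLE_PREFS = """
user_pref("browser.startup.page", 3);
user_pref("security.tls.version.min", 1);
user_pref("security.tls.version.max", 3);
"""


def audit_tls_prefs(prefs_text, default_min=0, default_max=3):
    """Report which protocol versions a profile allows, strongest first.

    The defaults are the Firefox 27 values from the article (min 0, max 3);
    pass default_max=1 to model Firefox 26 and older.
    """
    values = {"min": default_min, "max": default_max}
    for name, raw in PREF_RE.findall(prefs_text):
        values[name] = int(raw)  # a later line overrides an earlier one

    findings = [
        f"security.tls.version.{name}={val} is not a known value"
        for name, val in values.items() if val not in VERSIONS
    ]
    lo, hi = values["min"], values["max"]
    if findings:
        return {"min": lo, "max": hi, "allowed": [], "findings": findings}
    if lo > hi:
        findings.append("min is higher than max, so no version can be negotiated")
    elif lo == 0:
        findings.append("SSL 3.0 is still accepted; set min to 1 or higher to refuse it")
    if hi < 3:
        findings.append("TLS 1.2 is disabled; set max to 3 to allow it")
    # The article states Firefox tries the strongest version first.
    allowed = [VERSIONS[v] for v in range(hi, lo - 1, -1)]
    return {"min": lo, "max": hi, "allowed": allowed, "findings": findings}


if __name__ == "__main__":
    print(audit_tls_prefs(SAMPLE_PREFS))
```

Preferences that were never changed do not appear in prefs.js, which is why the function falls back to the defaults passed in.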

While not explicitly mentioned on Mozillazine, it is likely that Mozilla has implemented the fallback mechanism in Firefox 27 so that weaker protocols are used automatically if a server does not support stronger ones. Firefox will always try to use the strongest protocol first before it falls back to a weaker protocol version.

Additional information about Transport Layer Security is available on Wikipedia.

Summary

Article Name

Upcoming security improvements in Firefox 27 in regards to TLS support

Description

The guide lists the supported security protocols of Firefox, and the options provided by the browser to set minimum and maximum protocol support.

Author

Martin Brinkmann

Publisher

Ghacks Technology News


“The min and max preference go hand in hand. In Firefox 27, min is set to 0 and max is set to 3, meaning that all protocols are supported, and that Firefox will try to use TLS 1.2 first, then TLS 1.1, then TLS 1.0, and then SSL 3.0.”

While Fx now supports TLS 1.1 and 1.2 by default, the browser still tells servers it prefers 1.0 connections. See https://cc.dcsec.uni-hannover.de/. That means it may nudge servers to use 1.0 even if both of them support higher versions. (BTW, Chrome also prefers 1.0 while IE prefers 1.2.)
